ID

VAR-202007-1133

CVE

CVE-2020-6514

TITLE

Google Chrome Vulnerability in

DESCRIPTION

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. Google Chrome There is an unspecified vulnerability in.Information may be tampered with. Google Chrome is a web browser developed by Google (Google). WebRTC is one of the components that supports browsers for real-time voice or video conversations. An attacker could exploit this vulnerability to bypass security restrictions. For the stable distribution (buster), these problems have been fixed in version 68.11.0esr-1~deb10u1. We recommend that you upgrade your firefox-esr packages. For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8huUkACgkQEMKTtsN8 TjZrWRAAmJKPn+TnXVDcxt9OC/ko2aovs7IotOScCOvjO9Aez+l64cUEOAj4Zxc1 gd/CC/fW/LNudbmLrMKjGft3bFwi/78htATpgcJE5diEjEVlyvgMJiwvwoN+zOO2 1u4hgN6sYiBVnEKBOtS3wA0VGa19tW5mWXWZgtfmEMfuNpz3bUQ8ApQ48M47VdUO JjZbtTP92N8h99Mko3k2Z2xUDimRZ0xvVYXmEQ9lUzQnNpz0yKwSuo/GsjnH3l1n 2Y8ih+m9pCuYfcpXvWtLlQc70koS84MaAzdqYsp1xMpXLHzejDM/e0oDEJppBjwP 0U4qHSbirlwMHn1PSILFsDjYfTwSmFUqvmPb9mcPMnz60xuh6IT+2RUKXekBo263 1uhlHgqd5+hWYuWxQz7FgssJVUzfH2ZzaIoTRTYtTQVJmHeYViWf54AEGP36D6++ I8tNyCVTbDW+114dWjAmkuQ+yVjt0eSb4rqLqwcKxvNT6cCzRRJp2/tSsQCAvFdB dzExvQQMD/t4o+0BUYxani0jJf9DR9N7BoUBQdI0eZNV/mJ1BmDWXJqEpExhilfb 9QlI6oRu/Cw05BpkD1FKeXR+MgMKpi/jubhsYkZQcV9t7C0D/L13DEAqxr4zi4te eLLP/BQ3bl+h71ZHBCYCpbCc+joreguC3Z09IaDYFafewmOACHs= =QMwo -----END PGP SIGNATURE----- . WebRTC: usrsctp is called with pointer as network address When usrsctp is used with a custom transport, an address must be provided to usrsctp_conninput be used as the source and destination address of the incoming packet. WebRTC uses the address of the SctpTransport instance for this value. Unfortunately, this value is often transmitted to the peer, for example to validate signing of the cookie. This could allow an attacker access to the location in memory of the SctpTransport of a peer, bypassing ASLR. To reproduce, place the following code on line 9529 of sctp_output.c. This will output the peer's address to the log: struct sctp_state_cookie cookie2; struct sctp_state_cookie* cookie3; cookie3 = sctp_get_next_param(cookie, 4, &cookie2, sizeof(struct sctp_state_cookie)); LOGE(\"COOKIE INITACK ADDRESS %llx laddress %llx\", *((long long*)cookie3->address), *((long long*)cookie3->address)); Or, view the SCTP packets sent by WebRTC before they are sent to the encryption layer. They are full of pointers. This bug is subject to a 90 day disclosure deadline. After 90 days elapse, the bug report will become visible to the public. The scheduled disclosure date is 2020-Jul-28. Disclosure at an earlier date is possible if agreed upon by all parties. Related CVE Numbers: CVE-2020-6514. Found by: deadbeef@chromium.org . 8.0) - ppc64le, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: firefox security update Advisory ID: RHSA-2020:3254-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3254 Issue date: 2020-07-30 CVE Names: CVE-2020-6463 CVE-2020-6514 CVE-2020-15652 CVE-2020-15659 ==================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.11.0 ESR. Security Fix(es): * chromium-browser: Use after free in ANGLE (CVE-2020-6463) * chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514) * Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652) * Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1840893 - CVE-2020-6463 chromium-browser: Use after free in ANGLE 1857349 - CVE-2020-6514 chromium-browser: Inappropriate implementation in WebRTC 1861570 - CVE-2020-15652 Mozilla: Potential leak of redirect targets when loading scripts in a worker 1861572 - CVE-2020-15659 Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 6. Package List: Red Hat Enterprise Linux AppStream EUS (v. 8.1): Source: firefox-68.11.0-1.el8_1.src.rpm aarch64: firefox-68.11.0-1.el8_1.aarch64.rpm firefox-debuginfo-68.11.0-1.el8_1.aarch64.rpm firefox-debugsource-68.11.0-1.el8_1.aarch64.rpm ppc64le: firefox-68.11.0-1.el8_1.ppc64le.rpm firefox-debuginfo-68.11.0-1.el8_1.ppc64le.rpm firefox-debugsource-68.11.0-1.el8_1.ppc64le.rpm s390x: firefox-68.11.0-1.el8_1.s390x.rpm firefox-debuginfo-68.11.0-1.el8_1.s390x.rpm firefox-debugsource-68.11.0-1.el8_1.s390x.rpm x86_64: firefox-68.11.0-1.el8_1.x86_64.rpm firefox-debuginfo-68.11.0-1.el8_1.x86_64.rpm firefox-debugsource-68.11.0-1.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-6463 https://access.redhat.com/security/cve/CVE-2020-6514 https://access.redhat.com/security/cve/CVE-2020-15652 https://access.redhat.com/security/cve/CVE-2020-15659 https://access.redhat.com/security/updates/classification/#important https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXyMe2tzjgjWX9erEAQiMVRAAmN/DzFFd3/qeFZqBRIqxtIY+lMZEMi0B FnbXnuE/fGOiV/qNveQ5d/2HUjW+j5crVzh4TjcrFMuKHu6y6BWAHpT5+qR5LO9L SvoOYMvfedrHqKSTbTJeeaWG5OI6sDCCj9ZM3YyjdNuuncSBdu15Zv+YYHJU4bUn Sf103Wo5+YL0xpPYQhc6pbqws3uOgb7uQhJhesfY0O5uXU4jTIdRDXUg0PQTqs29 JQk2p2ka89S+hGTuzlFGRd5DudEXOVwJGyWg+/wQlkXTZIFif2Bxas+XE+eh/s/n /+IRxA8qtqWBjogyMIrWU/iImdRbKCcL/qm4ZNbvc/6MalevIM501Py+TFZuB4mY EyMs7E/YOOsuBmMUg15d3AlUayqS1kJy4oiLISlDY8yaZvheRvcNuMC+wZWXF7IY H6vTRCRDViUGXVYkATeSYfCgESm1/kpxMWPXUPYXL59u5qaO7ERImXmHhrrF8NYx UiRCs4aoQyIU9Vv8FrHfX/ZXlOLJX4vItdHI7kpbXhfNl4NFjfqPTDM4sxxeQLMJ FMJ4uGeoag2068KYWwMYNHe1sqPt97YJ6CejZNOugW+jl6YDSg9SNvfQ68hkIeJV lREUp5Ke3KTWit10eRAGlSnno/QMZcamz3ZNWEzprq3D6NnPZy3Dz735DghM4vfd ENVFOrsrvrs=Mylk -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

other

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Natalie Silvanovich of Google Project Zero

SOURCES

LAST UPDATE DATE

2026-04-18T22:54:27.683000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE